umami-software / umami

Umami is a simple, fast, privacy-focused alternative to Google Analytics.
https://umami.is
MIT License
23.13k stars 4.3k forks

For malformed `/send` requests, the reason for the rejection should be included #2986

Open brianfeister opened 2 months ago

brianfeister commented 2 months ago

Describe the Bug

When my web browser makes the following API request, initiated by Umami, the response is only a 400 (header, with no body). Fortunately, when trying to reproduce this bug to share it with you fine folks (LOVE this product, btw!) I hit "Copy as cURL" in Chrome, which yields this cURL command:

curl 'https://api-gateway.umami.dev/api/send' \
  -H 'accept: */*' \
  -H 'accept-language: en-US,en;q=0.9,ja-JP;q=0.8,ja;q=0.7' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'origin: https://devnear.me' \
  -H 'pragma: no-cache' \
  -H 'priority: u=1, i' \
  -H 'referer: https://devnear.me/' \
  -H 'sec-ch-ua: "Google Chrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36' \
  -H 'x-umami-cache: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjE1NzA1MzgzLTc1NmMtNTBjMC05YzI0LWRiZWEzYWI0NmU4MyIsIndlYnNpdGVJZCI6ImJkYWI4YzNjLTU2NDMtNDA0NS05NWFmLTBjZTk1YzEwNGFiOSIsInZpc2l0SWQiOiI5NWM4Nzc4Ni0zNTgwLTU2NmItYjg4MS1mMWUwNDBlOWU5MjciLCJob3N0bmFtZSI6ImRldm5lYXIubWUiLCJicm93c2VyIjoiY2hyb21lIiwib3MiOiJNYWMgT1MiLCJkZXZpY2UiOiJkZXNrdG9wIiwic2NyZWVuIjoiMjU2MHgxNDQwIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImNvdW50cnkiOiJVUyIsInN1YmRpdmlzaW9uMSI6IlVTLUNPIiwiY2l0eSI6IkRlbnZlciIsImlhdCI6MTcyNzY5NjczMH0.-koBRPnJnIsODP-WakY_AAKL3k37ZtG6yokcbT4ZWdY' \
  --data-raw '{"type":"event","payload":{"website":"bdab8c3c-5643-4045-95af-0ce95c104ab9","hostname":"devnear.me","screen":"2560x1440","language":"en-US","title":"Meet%20Near%20Me%20-%20Home","url":"/?address=National+Mall,+Washington,+DC&categories=bocce+ball&start_time=2023-10-18T10:00:00Z&end_time=2099-10-18T10:00:00Z&radius=4200&address","name":"event-list-click-924b3158-8c8d-42cc-ba02-d94c27467fb5","data":{}}}'

The good news is, this cURL request sends back a response that actually explains the problem:

  payload.name must be at most 50 characters

The fact that JavaScript (browser client) isn't able to read the response body feels like an error in your https://cloud.umami.is/script.js logic to me.

Database

PostgreSQL

Relevant log output

No response

Which Umami version are you using? (if relevant)

Cloud

Which browser are you using? (if relevant)

Chrome

How are you deploying your application? (if relevant)

No response
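
A client-side guard for the failure described in this report, as an added example that is not part of the original thread or of Umami's tracker code: it checks the 50-character `payload.name` limit quoted above before sending, and keeps the response body when the server still answers with a non-2xx status. The names `checkEventPayload`, `sendEvent` and `fetchImpl` are hypothetical, and the sample payload is constructed from the request shown in the issue.

```javascript
// Added example; not Umami's code. The 50-character limit on payload.name is
// the only server rule assumed here, taken from the error text in the issue.
const MAX_EVENT_NAME = 50;

// Constructed sample, shaped like the request in the issue (fields trimmed).
const sample = {
  type: "event",
  payload: {
    website: "bdab8c3c-5643-4045-95af-0ce95c104ab9",
    hostname: "devnear.me",
    name: "event-list-click-924b3158-8c8d-42cc-ba02-d94c27467fb5",
    data: {},
  },
};

// Return a list of human-readable problems; an empty list means "sendable".
function checkEventPayload(body) {
  const problems = [];
  const name = body && body.payload && body.payload.name;
  if (typeof name === "string" && name.length > MAX_EVENT_NAME) {
    problems.push(
      `payload.name is ${name.length} characters (limit ${MAX_EVENT_NAME}): ${name}`
    );
  }
  return problems;
}

// POST the event and, on a non-2xx status, keep the response body so the
// rejection reason is not lost. fetchImpl is injectable for offline testing.
async function sendEvent(endpoint, body, fetchImpl = fetch) {
  const problems = checkEventPayload(body);
  if (problems.length > 0) {
    return { sent: false, status: null, reason: problems.join("; ") };
  }
  const res = await fetchImpl(endpoint, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify(body),
  });
  if (!res.ok) {
    const text = await res.text();
    return { sent: true, status: res.status, reason: text || "(empty body)" };
  }
  return { sent: true, status: res.status, reason: null };
}
```
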

Georgiafab commented 1 month ago

I am a novice. The latest version of the code on master, which I pulled directly, is 2.13.2, and there are still /api/send 400 problems after copying the tracking script to the target website. I don't know why. Here is my script

brianfeister commented 1 month ago

Actually, @Georgiafab, try making your data-umami-* DOM attribute names very small. That fixed it for me.

Georgiafab commented 1 month ago

@brianfeister I don't use data-umami-* DOM attributes. I'm stuck on step one: I only use the script, and it responds with 400 on my website. My website URL is https://redesign86.com